// security
AgentPM is built around sensitive engineering context. This page explains what the product is designed to capture, how teams should think about access, and where to start a security review.
AgentPM captures supported coding-agent session evidence such as prompts, agent replies, terminal and tool output, file, repo, and session context, decisions, risks, and open loops when those signals are present in the local agent record.
Captured sessions can contain sensitive engineering context. Teams should roll out AgentPM intentionally, decide who can access each organization, and treat session evidence with the same care they apply to code review, incident notes, and internal engineering systems.
AgentPM keeps organization workspaces behind authentication. Private app routes, API routes, downloads, organization pages, the investor pitch, and internal review pages are blocked from public discovery through crawler policy and noindex controls.
AgentPM is not employee surveillance, public transcript publishing, runtime LLM observability, or a replacement for GitHub, Jira, Linear, CI, or code review. It preserves the work evidence those systems usually do not see.
// security review
Every engineering team has different expectations for access, rollout, retention, source-code handling, and vendor review. For security, retention, or deployment questions, contact the AgentPM team and we will work through the details directly.